Email this article to a friend

Army ponders proper shape, size of cyber workforce

Jared Serbu reports.

As the Army builds up a force to operate in its newest warfighting domain —
cyber — it's wrestling through a lot of tough questions. How big should the
cyber force be? What's the right mix of soldiers, civilians and contractors? And
how does DoD need to change its legacy personnel systems to bring the best
possible talent on board?

The military as a whole is in the process of building 133 cyber mission teams with
responsibilities for offensive cyber operations, defensive cyber operations and
operating DoD's own networks. The Army will contribute 41 teams to that joint
effort out of a cadre of soldiers it's building under the auspices of Army Cyber
Command, which formally stood up just three years ago.

But Lt. Gen. Edward Cardon, Army Cyber Command's commander, said for now,
it's impossible to tell whether that force is too big or too small.

"Let's get demonstrated capability out there, and then we're going to find out
things we know and don't know and we can adapt our organizational structure," he
said. "I'm arguing within the Army that the entire cyber force should be re-looked
at about once every two years. I think we're on the inflection point of some
pretty amazing technologies coming into the operational sphere. Just with cloud
computing and the explosion of mobile devices, the rapid development on
supervisory control and data acquisition systems. The impact of Mr. [Edward]
Snowden and what's that done to our community in terms of the insider threat. When
you start putting all these things together and you try and predict out a couple
years from now what size force we need, I'm not sure you can do that. What I do
know is we gotta get the best people possible."

Cardon said it's taken a few years to get the Army's initial set of cyber
operators trained and ready, and he's comfortable with the service's current plans
to build up its cyber force, which cover the time period up to 2017. But he said
the Army needs to be willing to adapt those plans.

"I talk to our senior officials all the time about reexamining the force, having
an acquisition strategy that operates inside a two-year cycle, and our current
Army processes to manage capabilities in this domain, including human talent,
aren't capable of keeping up with this kind of speed," he said. "I think we're
starting to see some movement in the area of institutional adaptation. There's
recognition of this."

Easier path for reservists

One particular question surrounds the Army's use of members of the National Guard
and Reserve to perform cyber missions. Many of those members work in IT fields in
their civilian jobs, and the military knows they're a huge potential source of
untapped talent for cyber missions. But Cardon said the elite cyber teams the
Army's trying to build aren't particularly well-suited for part-time work.

"The level of training that some of these operators get requires continuous work
on the network," he said. "They complain about going away to the warrior leader
course for four weeks, because things really evolve in four weeks and they feel
very behind. So a 52-day training model is not going to work for this."

Instead, Cardon said he'd like to see Army hiring systems changed so that those
people can be brought on board as full-time Army civilians.

"There is some discussion on lateral entry, and how we would do that," he said.
"Are the Army civilian hiring processes good enough to get the super users out
there? Probably not. We need a little different structure. And when I asked for a
different structure, it's like, 'Well, we don't have the legislative authority for
that.' OK, let's ask. This is the kind of innovation we need. It's not just
technical innovations inside the cyber domain, it's the institutional domain to
build it."

For active duty soldiers, Army cyber leaders say they are making progress toward
training and retaining a skilled cyber workforce. Two years ago, the Army created
its first occupational field for cyber specialists, but it's still too early to
tell whether those soldiers will be lured away to more lucrative jobs in private
industry before the Army's substantial investment in their training pays off.

Can't punish cyber warriors

Sergeant Maj. Rodney Harris, the senior enlisted adviser at Army Cyber Command,
said he thinks many of his soldiers will take a comparatively smaller paycheck
because the missions they perform in the military simply don't exist in the
commercial world. But he sees another problem — the current Army personnel
system is set up to punish soldiers for specializing in network warfare and
sticking with it.